
MacInTouch

I’m afraid you could be right, Ric. No one else seems to be having this problem. Both my iPad and Mac Pro are, but only at MacWorld? I thought it might be my local DNS server, so switched to Comcast’s, but it's still redirecting MacWorld.

Check all your DNS settings - not just the server address, also the search domains.

I had a problem where my computer had some old domains in the search list (resulting from moving the computer between different employers). When one of those domains expired and got taken over by domain squatters, it started redirecting unqualified host addresses to malware sites.

I wrote an article about this back in November. It is describing Windows, but the same principle should apply to any computer.
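An added example (not part of the original post or the linked article) showing why a stale search domain matters: it lists the names a resolver would try for a short hostname and flags search domains you did not expect. It assumes resolv.conf(5)-style settings; the sample configuration and the `.example` domains are constructed.

```python
# Constructed sample configuration; none of these values come from the thread.
SAMPLE_RESOLV_CONF = """\
nameserver 192.0.2.53
search corp.example old-employer.example
options ndots:1
"""

def parse_resolv_conf(text):
    """Return (search_domains, ndots) from resolv.conf-style text."""
    search, ndots = [], 1
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "search":
            # The last 'search' line replaces any earlier one.
            search = [d.rstrip(".").lower() for d in fields[1:]]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidate_queries(name, search, ndots=1):
    """Names a resolv.conf(5)-style stub resolver would try, in order."""
    if name.endswith("."):             # trailing dot: fully qualified, no search list
        return [name.rstrip(".")]
    expanded = [f"{name}.{d}" for d in search]
    if name.count(".") >= ndots:       # enough dots: tried as typed first
        return [name] + expanded
    return expanded + [name]           # short name: search domains come first

def stale_search_domains(search, expected):
    """Search domains that are not on the list expected for this machine."""
    expected = {d.lower() for d in expected}
    return [d for d in search if d not in expected]
```

Any name in the `candidate_queries` output that ends in a domain you no longer control is answered by whoever owns that domain today.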


Thanks, David. I read your article and took what steps I could think of to address that. I disabled my local DNS server, redirected my router, and desktop to OpenDNS (temporarily?). Deleted every search engine bookmark I have. Cleared Safari history and quit. Used Onyx to clear the DNS cache and all other internet related caches. Rebooted. Those pages still redirect.

It really feels like those two sites are passing the bad URLs. They will both render the entire page before redirecting. This can mean major shuffling of the page by the time it is finished. Both pages have randomised ads that vary from visit to visit, which may explain why it doesn't always do it?

I can't find anything irregular about my system, except that Little Snitch's Network Monitor had put a nondescript notice that Safari had a "Resource or signature modified."
Taccy and spctl confirmed it. Mojave didn't seem to think it was worth mentioning?


Yuck. At this point, it looks like you're going to need to do some packet sniffing (e.g. with Wireshark) to see what's happening under the covers.

A packet trace should show you what hostname is actually being sent to your DNS server, what IP address is being returned from the server, and what data is being fetched from that address. Depending on what you find, that should help you isolate the cause of the problem.

If the hostname is not what you expect, then you may have an issue with your browser or network configuration.

If the DNS server address is not what you expect, double-check network configurations. Also check browser settings (e.g. alternate "secure DNS" servers).

If the IP address you get back is wrong, then the DNS server or some proxy in between is corrupt.

If the IP address is correct, look at the HTTP transaction (your web browser may have a debug mode to show this) to see if you're receiving any redirect pages and where they are coming from.

Just an additional thought: I hardly ever click on ads in MacWorld. In fact, I usually use Reader View which eliminates most of the ads since they're exceptionally annoying continuously updating the text position in the screen. Sometimes I forget to put the browser (Safari) in Reader View. If I remember correctly, just running your mouse across an ad without clicking will sometimes make them act like they've been clicked.

Odds are it’s malvertising, rather than anything on your Macs, that comes from a JavaScript embedded in an ad provided by third parties that MacWorld, etc. subscribe to.
The only way to avoid those is with a good adblocker, which is something OpenDNS provides, although I'm not certain how effective it actually is.
And as David mentioned, you need to clear your DNS cache after switching to a new DNS, in order to prevent re-using what the old DNS provided.

MacInTouch

They may be more labor-intensive than most folks would like, but NoScript and LittleSnitch are very useful, and I bypass the ISP's DNS, among other things. Firefox offers some Content Blocking options (including "Strict") which may be helpful, though I'm not sure exactly what blocked the malvertising for me (and now I have to go alert folks I directly support about the problem).

Frequent, rotated backups are a necessity, and I'm sure other folks can offer additional suggestions, too.

The security risk, then and now, is that everybody on the list can see everybody else's e-mail addresses.

If someone on the list wants to be malicious, he can use the data to get a list of known-good addresses, the users' real names, and the fact that they (probably) have some relationship to each other. When correlated with other such address lists, it can be used for phishing purposes (e.g. to send someone mail that appears to come from a friend or coworker).

In your particular case, if it's a closed list and everybody already knows each other, then it probably doesn't matter much.

As a digital subscriber to one of the big-name papers, while I have not experienced any direct navigational re-direct to Flash installers, on occasion I have experienced a fraudulent re-direct after clicking an actual article headline.

I also have long been a bit concerned about the paper's choice in advertising clients (vendors?) The paper's web pages are inundated not only with ad choices based upon their glean of my interests, but their pages are replete with click-bait, and in my humble opinion, deceptive or fraudulent products and articles on the order of the proverbial snake-oil.
Some of these click-bait links do ultimately engage in the fake Flash deception.
Yah, I clicked a couple... bad me!

I understand the need for these papers to rely on advertising, but can't they garner legit underwriting? It's not only annoying but a bit embarrassing.

MacInTouch


MacInTouch was funded by web advertising in the beginning - a very long time ago in the early days of the Web (late 1990's). We took text and graphic ads directly from the advertisers. When Flash entered the picture, and advertisers demanded that Flash ads be run, I refused, because I could not vet Flash ads for security problems while Flash ads ran unknown code on the website visitor's computer. We took a major financial hit.

Later I started running Google ads, which brought in thousands of dollars, but when Google started putting offensive and misleading political ads on my website in the midst of a critical presidential election, I immediately terminated the Google ads and took yet another financial hit.

Now, ads are mostly delivered through "ad network" platforms (like Google AdSense) where third parties pay to deliver mixed media and code into the computers of people visiting a publisher's websites, and "malvertising" has run amok.

We get constant solicitations to host advertising and place third-party content on MacInTouch, which I refuse to do.

MacInTouch is now funded only by direct contributions from people who derive benefit from its content and support services and by small commissions on Amazon purchases through our affiliate links that become worthwhile only at scale (which we've gotten solely from the US, as non-US experiments actually have been a net loss).

I suspect that a lot of media outlets don't actually run their own web advertising, but instead use a third-party company to supply ads. These companies probably don't look too closely at who is buying the ads, since everybody's money is just as green. And when they end up serving malware, well, the site actually posting the ads is going to get the blame, not the ad network company.

Content blocking | Firefox Help
Content blocking is a collection of Firefox privacy features that protect you from threats and annoyances on the Web. This includes protections against trackers, which collect your browsing data across multiple websites. Starting with Firefox version 67, you can block harmful scripts including cryptominers and fingerprinters.

I typically access bank accounts and credit cards on my laptop. However, the banks have become very aggressive at promoting their phone apps, which I have refused to download for many years. I'm beginning to change my mind but wonder how safe and secure these apps are now. (And, yes, I do have a fingerprint and long security number on my phone.)